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DETAILED ACTION 

A request for continued examination under 37 CFR 1.114 was filed in this application 
after a decision by the Board of Patent Appeals and Interferences, but before the filing of a 
Notice of Appeal to the Court of Appeals for the Federal Circuit or the commencement of a civil 
action. Since this application is eligible for continued examination under 37 CFR 1.114 and the 
fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant 
to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 
1.114. Applicant's submission filed on 07/23/2010 has been entered. Claims 1-81 are pending 

Response to Arguments 

Applicant's arguments filed 07/23/2010 have been considered but are moot in view of 
the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-78 are rejected under 35 U.S.C. 103(a) as being unpatentable over Wood et al. 

(hereinafter Wood) (US Patent No. 6,668,322 B1) in view of Zhao US Patent 6,035,404 and 

further in view of Gupta et al. (hereinafter Gupta) (US Patent No. 6,226,752 B1). 

As per claims 1, 7 and 9 Wood teaches a method for performing user and session 
management over a computer network, comprising: 
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receiving in a first session a first request from a user for an application instance (user 
request for information resources / applications, see columns 4, lines 60-67 and column 5, lines 
1-9) , the request including a single identifier for all user requests without further user and 
session application variables (i.e., a user providing a unique session identifier, that is used for 
access requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 
30-39, 49-53]; and 

transmitting an application instance response to the user based on stored user and 
session system information (if session information indicate sufficient authorization providing 
access to requested application or resource) [column 8, lines 13-25, column 19, lines, 33-44, 
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 



Application/Control Number: 09/812,634 Page 4 

Art Unit: 2435 

including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claim 8, Wood teaches a method for performing user and session management 
over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (9, lines 65-67, column 1 0, 
lines 1-29 and column 20, lines 35-60): 

receive a first request from a user for an application instance (user request for 
information resources / applications, see columns 4, lines 60-67 and column 5, lines 1-9) , the 
request including a single identifier for all user requests without further user and session 
application variables (i.e., a user providing a unique session identifier, that is used for access 
requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 
49-53]; and 

transmit an application instance response to the user based on stored user and session 
system information (if session information indicate sufficient authorization providing access to 
requested application or resource) [column 8, lines 13-25, column 19, lines, 33-44, 64-67, 
column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier used to 
identify both a session and a user. However, it is old and well known in the art to identify both a 
session and a user by a single identifier, which has the advantage of allowing flexible control of 



Application/Control Number: 09/812,634 Page 5 

Art Unit: 2435 

user logins and session information thereby enhancing security of the system. For example, 
Zhao teaches a user access system including a single identifier used to identify both a session 
and a user for all user requests (i.e., see for example, Session ID associated with IUID & Start 
Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method 
for performing user and session management. It would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to employ the teachings of Zhao within 
the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 10, 17 and 19, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a request for an application instance from a user (user request for information 
resources / applications[columns 4, lines 60-67 and column 5, lines 1-9]; 
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assigning a single identifier to the user for handling all user requests(i.e., providing a 
unique session identifier to a user, that is used for access requests to multiple applications) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

transmitting an application instance response to the user, wherein the single identifier is 
static for all requests from the user for a session [column 8, lines 13-25, column 19, lines, 33-44, 
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
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Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claim 18, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (9, lines 65-67, column 1 0, 
lines 1-29 and column 20, lines 35-60): 

receive a request for an application instance from a user (user request for information 
resources / applications )[columns 4, lines 60-67 and column 5, lines 1-9]; 

assign a single identifier to the user for handling all user requests(i.e., providing a unique 
session identifier to a user, that is used for access requests to multiple applications) [column 8, 
lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

transmit an application instance response to the user, wherein the single identifier is 
static for all requests from the user for a session [column 8, lines 13-25, column 19, lines, 33-44, 
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
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having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 20, 26 and 28, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a first request from a user for a first application instance, the first request 
including an identifier (user request for information resources / applications)[columns 4, lines 60- 
67, column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmitting a first application instance response to the user [column 19, lines 64-67, 
column 20, lines 1-8 and column 9, lines 40-63]; 

receiving a second request from the user for a second application instance, the 
second request including the identifier, and processing the request with the second application 
instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is 
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silent on a single identifier used to identify both a session and a user. However, it is old and well 
known in the art to identify both a session and a user by a single identifier, which has the 
advantage of allowing flexible control of user logins and session information thereby enhancing 
security of the system. For example, Zhao teaches a user access system including a single 
identifier used to identify both a session and a user for all user requests (i.e., see for example, 
Session ID associated with IU ID & Start Time and Time out) [column 5, lines 39-67 and figure 
6]. Both Wood and Zhao teach a method for performing user and session management. It would 
have been obvious to one having ordinary skill in the art at the time of applicant's invention to 
employ the teachings of Zhao within the system of Wood thereby enhancing the security of the 
system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claim 27, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising: 
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a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (9, lines 65-67, column 1 0, 
lines 1-29 and column 20, lines 35-60): 

receive a first request from a user for a first application instance, the first request 
including an identifier (user request for information resources / applications)[columns 4, lines 60- 
67, column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmit a first application instance response to the user [column 19, lines 64-67, column 
20, lines 1-8 and column 9, lines 40-63]; 

receive a second request from the user for a second application instance, the 
second request including the identifier, and processing the request with the second application 
instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is 
silent on a single identifier used to identify both a session and a user. However, it is old and well 
known in the art to identify both a session and a user by a single identifier, which has the 
advantage of allowing flexible control of user logins and session information thereby enhancing 
security of the system. For example, Zhao teaches a user access system including a single 
identifier used to identify both a session and a user for all user requests (i.e., see for example, 
Session ID associated with IU ID & Start Time and Time out) [column 5, lines 39-67 and figure 
6]. Both Wood and Zhao teach a method for performing user and session management. It would 
have been obvious to one having ordinary skill in the art at the time of applicant's invention to 
employ the teachings of Zhao within the system of Wood thereby enhancing the security of the 
system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
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explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 29, 36-38, 44 and 46, Wood teaches a method for performing user and 
session management over a computer network, comprising: 

receiving, from a user, a first request in a first session, the request including an identifier 
(note that unique session identifier is used for access requests to multiple applications) [column 
8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmitting a first application instance response to the user in response to the first 
request [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receiving, from the user, a second request in a second session, the second user request 
including the identifier, and processing the second request through the first application instance 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is silent on a 
single identifier used to identify both a session and a user. However, it is old and well known in 
the art to identify both a session and a user by a single identifier, which has the advantage of 
allowing flexible control of user logins and session information thereby enhancing security of the 
system. For example, Zhao teaches a user access system including a single identifier used to 
identify both a session and a user for all user requests (i.e., see for example, Session ID 
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associated with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both 
Wood and Zhao teach a method for performing user and session management. It would have 
been obvious to one having ordinary skill in the art at the time of applicant's invention to employ 
the teachings of Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 35 and 45, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising (9, lines 65-67, column 10, lines 1-29 and 
column 20, lines 35-60): 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (9, lines 65-67, column 1 0, 
lines 1-29 and column 20, lines 35-60): 

receive, from a user, a first request in a first session, the request including an identifier 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 
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transmit a first application instance response to the user in response to the first request 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receive, from the user, a second request in a second session, the second user request 
including the identifier, and process the second request through the first application instance 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is silent on a 
single identifier used to identify both a session and a user. However, it is old and well known in 
the art to identify both a session and a user by a single identifier, which has the advantage of 
allowing flexible control of user logins and session information thereby enhancing security of the 
system. For example, Zhao teaches a user access system including a single identifier used to 
identify both a session and a user for all user requests (i.e., see for example, Session ID 
associated with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both 
Wood and Zhao teach a method for performing user and session management. It would have 
been obvious to one having ordinary skill in the art at the time of applicant's invention to employ 
the teachings of Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
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Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 47, 55 and 57, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a first request from a first user session for a user, the first request including an 
identifier [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; and 

transmitting a first response to the first request, based on the identifier and a first system 
session variable stored in a user database (if session information indicate sufficient 
authorization providing access to requested application or resource) [column 8, lines 13-25, 
column 19, lines, 33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33]; 

receiving a second request from a second user session for the user, the second request 
including the identifier without further user or session application variables, and transmitting a 
second response to the second request, based on the identifier and a second system session 
variable stored in the user database [column 19, lines 64-67, column 20, lines 1-8 and column 
9, lines 40-63]. Wood is silent on a single identifier used to identify both a session and a user. 
However, it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for all user 
requests (i.e., see for example, Session ID associated with IUID & Start Time and Time out) 
[column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for performing user 
and session management. It would have been obvious to one having ordinary skill in the art at 
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the time of applicant's invention to employ the teachings of Zhao within the system of Wood 
thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claim 56, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (9, lines 65-67, column 1 0, 
lines 1-29 and column 20, lines 35-60): 

receive a first request from a first user session for a user, the first request including an 
identifier [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; and 

transmit a first response to the first request, based on the identifier and a first system 
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session variable stored in a user database (if session information indicate sufficient 
authorization providing access to requested application or resource) [column 8, lines 13-25, 
column 19, lines, 33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33]; 

receive a second request from a second user session for the user, the second request 
including the identifier without further user or session application variables, and transmitting a 
second response to the second request, based on the identifier and a second system session 
variable stored in the user database [column 19, lines 64-67, column 20, lines 1-8 and column 
9, lines 40-63]. Wood is silent on a single identifier used to identify both a session and a user. 
However, it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for all user 
requests (i.e., see for example, Session ID associated with IUID & Start Time and Time out) 
[column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for performing user 
and session management. It would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to employ the teachings of Zhao within the system of Wood 
thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
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time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 58, 65 and 67, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a first request from a first user, the first request including a first identifier 
corresponding to the first user [column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 
10, lines 30-39, 49-53]; 

receiving a second request from a second user, the second request including a 
second identifier corresponding to the second user (note that a unique session identifier is 
provided for users, i.e., during request for resources users include the unique session identifier) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generating a first application instance responsive to the first identifier and a second 
application instance responsive to the second identifier [column 8, lines 13-25, column 19, lines, 
33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single 
identifier used to identify both a session and a user. However, it is old and well known in the art 
to identify both a session and a user by a single identifier, which has the advantage of allowing 
flexible control of user logins and session information thereby enhancing security of the system. 
For example, Zhao teaches a user access system including a single identifier used to identify 
both a session and a user for all user requests (i.e., see for example, Session ID associated 
with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao 
teach a method for performing user and session management. It would have been obvious to 
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one having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claim 66, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing a 
plurality of processing instructions for enabling the processor to (9, lines 65-67, column 10, lines 
1-29 and column 20, lines 35-60): 

receive a first request from a first user, the first request including a first identifier 
corresponding to the first user [column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 
10, lines 30-39, 49-53]; 

receive a second request from a second user, the second request including a 
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second identifier corresponding to the second user (note that a unique session identifier is 
provided for users, i.e., during request for resources users include the unique session identifier) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generate a first application instance responsive to the first identifier and a second 
application instance responsive to the second identifier [column 8, lines 13-25, column 19, lines, 
33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single 
identifier used to identify both a session and a user. However, it is old and well known in the art 
to identify both a session and a user by a single identifier, which has the advantage of allowing 
flexible control of user logins and session information thereby enhancing security of the system. 
For example, Zhao teaches a user access system including a single identifier used to identify 
both a session and a user for all user requests (i.e., see for example, Session ID associated 
with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao 
teach a method for performing user and session management. It would have been obvious to 
one having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
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Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claim 68, Wood teaches a method for performing user and session management 
over a computer network, comprising: 

receiving, from a first user, a first request in a first session, the first request including a 
first identifier [column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 
49-53]; 

transmitting a first application instance to the first user in response to the first request 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receiving, from the first user, a second request in a second session, the second request 
including the first identifier, and processing the second request through the first application 
instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receiving, from a second user, a third request in a third user session, the third request 
including a second identifier corresponding to the second user (note that a unique session 
identifier is provided for users, i.e., during request for resources users include the unique 
session identifier) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

transmitting a second application instance to the second user in response to the third 
request [column 8, lines 13-25, column 19, lines, 33-44, 64-67, column 20, lines 1-7 and column 
11, lines 12-33]. Wood is silent on a single identifier used to identify both a session and a user. 
However, it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for all user 
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requests (i.e., see for example, Session ID associated with IUID & Start Time and Time out) 
[column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for performing user 
and session management. It would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to employ the teachings of Zhao within the system of Wood 
thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 

As per claims 75 and 77, Wood teaches a method for interacting A method for 
interacting with a central server over a computer network, comprising: 

transmitting a first request to a central server, the first request including a user identifier 
[column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 
receiving a first application instance in response to the first request [column 19, lines 64- 
67, column 20, lines 1-8 and column 9, lines 40-63]; and 

transmitting a second request to the central server, the second request including the 
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identifier without further user or session application variables [column 19, lines 64-67, column 
20, lines 1-8 and column 9, lines 40-63]; and 

receiving a response to the second request from the application instance [column 19, 
lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 
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As per claims 3, 13, 23, 31, 40, 51, 61 and 71, Wood further teaches the method further 
comprising: authenticating an identification of the user [column 8, lines 19-25, column 13, lines 
37-67]; and assigning the single identifier to the user [column 14, lines 43-67, column 3, lines 
13-18]. 

As per claim 4, 14, 24, 32, 41, 52, 62 and 72, Wood further teaches the method wherein 
said authenticating comprises: 

transmitting a request for a user name and a password to the user [column 7, lines 1- 

24]; 

receiving the user name and password from the user [column 7, lines 1-24, and column 
13, lines 60-67]; and 

comparing the user name and password to stored parameters [column 13, lines 43-47 
and 7, lines 30-33]. 

As per claims 5, 15, 33, 42, 53, 63 and 73, Wood further teaches the method further 
comprising: 

receiving a second (third / fourth) request form the user for a second application 
instance, the second request including the identifier, and processing the request with the 
application instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. 

As per claims 6 and 1 6, Wood further teaches the method further comprising: 
receiving a second request from a second user, the second request including a second 
identifier corresponding to the second user (note that a unique session identifier is provided for 
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users, i.e., during request for resources users include the unique session identifier) [column 8, 
lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generating a second application instance responsive to the second identifier [column 19, 
64-67, column 20, lines 1-7 and column 9, lines 40-63]. 

As per claims 12, 22, 48, 49, 59, 69, 76 and 78, Wood further teaches the method, 
wherein the identifier does not include user or session application variables for use by the 
application instance (unique session identifier, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. 

As per claims 25, 34, 43, 54, 64 and 74, Wood further teaches the method further 
comprising: 

receiving a third request from a second user, the second request including a second 
identifier corresponding to the second user (note that a unique session identifier is provided for 
users, i.e., during request for resources users include the unique session identifier) [column 8, 
lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generating a second application instance responsive to the second identifier [column 19, 
64-67, column 20, lines 1-7 and column 9, lines 40-63]. 

As per claims 2, 1 1 , 21 , 30, 39, 50, 60 and 70, Wood-Zhao teaches the method as 
applied above. Furthermore, Wood teaches assigning a single identifier to the user for handling 
all user requests (i.e., providing a unique session identifier to a user, that is used for access 
requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49- 
53]. Wood does not explicitly teach the method wherein the single identifier includes a random 
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number associated with the user. However Gupta teaches an authentication and session 
management system including a session identifier that includes a random number associated 
with the user [column 6, lines 21-35]. Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to incorporate a session identifier that 
includes a random number associated with a user as per teachings of Gupta into the session 
management system of Wood-Zhao, because random generated identifier uniquely identify a 
user for session management with multiple applications. 

As per claims 79-81, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving in a first session a first request from a user for an application instance (user 
request for information resources / applications, see columns 4, lines 60-67 and column 5, lines 
1-9) , the request including a single identifier for all user requests without further user and 
session application variables (i.e., a user providing a unique session identifier, that is used for 
access requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 
30-39, 49-53]; and 

transmitting an application instance response to the user based on stored user and 
session system information (if session information indicate sufficient authorization providing 
access to requested application or resource) [column 8, lines 13-25, column 19, lines, 33-44, 
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
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session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

Wood teaches assigning a single identifier to the user for handling all user requests (i.e., 
providing a unique session identifier to a user, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. Wood does not 
explicitly teach the method wherein the single identifier includes a random number associated 
with the user. However Gupta teaches an authentication and session management system 
including a session identifier that includes a random number associated with the user [column 6, 
lines 21-35]. Gupta further teaches using the random number to search information in a 
database to identify the user, retrieving an instance of a user object corresponding to the 
identifier user; the retrieved user object using a resource locator in the request to identify a web 
application and the user object transmitting an instance of the identified web application to the 
user (Note that, a cookie is used for multiple requests) [column 12, lines 43-column 13, line 40]. 
Therefore it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to incorporate a session identifier that includes a random number 
associated with a user as per teachings of Gupta into the session management system of 
Wood-Zhao, because random generated identifier uniquely identify a user for session 
management with multiple applications. 



Conclusion 
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